Security readout for executives and security teams
Plain-English summary
This is a Linux kernel denial-of-service issue. A local low-privileged user or process could trigger a kernel crash through AF_PACKET handling, causing system availability impact. The sources do not show data theft, data modification, or remote network exploitation.
Executive priority
Schedule remediation in the normal high-availability patch cycle, with faster handling for multi-user, hosted, or operationally critical Linux systems. Business risk is service disruption, not confirmed compromise or data exposure based on the provided evidence.
Technical view
AF_PACKET handling in vlan_get_protocol_dgram() mishandles MSG_PEEK and can alter shared sk_buff state, leading to skb_under_panic and a kernel BUG during packet_recvmsg/recvmmsg. CVSS is 5.5: local, low complexity, low privileges, no user interaction, availability high.
Likely exposure
Exposure is most relevant on Linux systems where untrusted local users, workloads, or containers can reach AF_PACKET behavior. The provided data lists Linux kernel versions and stable fixes, plus Debian LTS and Siemens advisories. Remote-only exposure is not supported by the CVSS vector.
Exploitation context
The source bundle cites syzbot discovery and a crash trace. It does not cite public exploitation, weaponized exploit availability, or CISA KEV listing; KEV is false. Treat this as a local availability risk rather than confirmed active exploitation.
Researcher notes
Focus validation on AF_PACKET reachability, local privilege boundaries, container namespace policy, and whether vendor kernels include the upstream stable fixes. The source bundle does not provide enough evidence to claim remote reachability or exploitation beyond a crash proof found by syzbot.
Mitigation direction
Apply vendor kernel updates that include the referenced stable fixes.
Check Debian LTS and Siemens advisories if those distributions or products are used.
Prioritize shared servers, multi-tenant hosts, and container platforms with untrusted workloads.
Review vendor guidance before using temporary controls as a substitute for patching.
Validation and detection
Inventory Linux kernel versions across servers, appliances, and container hosts.
Compare deployed kernels against vendor advisories and the referenced stable fix commits.
Identify systems allowing untrusted local shell, jobs, or container workloads.
Confirm patched systems rebooted into the updated kernel.
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Potential ATT&CK relevance
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
cve · low confidence lookup
CVE-2024-57901 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.